Mifare Classic 1K S50 Card

Mifare Classic 1K S50 Card

MF1ICS50(Mifare Classic 1K S50):

NXP has developed the MIFARE MF1ICS50(Mifare Classic 1K S50) to be used in a contactless smart card according to ISO/IEC 14443 Type A. The MIFARE MF1ICS50(Mifare Classic 1K S50) IC is used in applications like public transport ticketing where major cities have adopted MIFARE as their e-ticketing solution of choice.

Key applications(Mifare Classic 1K S50):
Public transportation.
Access control.
Event ticketing.
Gaming & identity.

Anticollision(Mifare Classic 1K S50):
An intelligent anticollision function allows to operate more than one card in the field simultaneously. The anticollision algorithm selects each card individually and ensures that the execution of a transaction with a selected card is performed correctly without data corruption resulting from other cards in the field.

Simple integration and user convenience(Mifare Classic 1K S50):
The MF1ICS50(Mifare Classic 1K S50) is designed for simple integration and user convenience. Which could allow complete ticketing transactions to be handled in less than 100 ms. Thus, the MF1ICS50 card user is not forced to stop at the reader leading to a high throughput at gates and reduced boarding times onto busses. The MIFARE card may also remain in the wallet during the transaction, even if there are coins in it.

Security(Mifare Classic 1K S50):
Mutual three pass authentication (ISO/IEC DIS 9798-2).
Individual set of two keys per sector (per application) to support multi-application with key hierarchy.
Unique serial number for each device.

Delivery options(Mifare Classic 1K S50):
Die on wafer.
Bumped die on wafer.
MOA4 or MOA2 contactless card module.
Flip chip package.

Features and benefits(Mifare Classic 1K S50):
MIFARE, RF Interface (ISO/IEC 14443 A)(Mifare Classic 1K S50):
Contactless transmission of data and supply energy (no battery needed).
Operating distance: Up to 100mm (depending on antenna geometry).
Operating frequency: 13.56 MHz.
Data transfer: 106 kbit/s.
Data integrity: 16 Bit CRC, parity, bit coding, bit counting.
Anticollision.
Typical ticketing transaction: < 100 ms (including backup management).

EEPROM(Mifare Classic 1K S50):
1 Kbyte, organized in 16 sectors with 4 blocks of 16 bytes each (one block consists of 16 byte).
User definable access conditions for each memory block.
Data retention of 10 years.
Write endurance 100.000 cycles.

Block description(Mifare Classic 1K S50)
The MF1ICS50(Mifare Classic 1K S50) chip consists of the 1 Kbyte EEPROM, the RF-Interface and the Digital Control Unit. Energy and data are transferred via an antenna, which consists of a coil with a few turns directly connected to the MF1ICS50. No further external components are necessary. (For details on antenna design please refer to the document MIFARE‚ Card IC Coil Design Guide.)
–RF-Interface:
-Modulator/Demodulator
-Rectifier
-Clock Regenerator
-Power On Reset
-Voltage Regulator
–Anticollision: Several cards in the field may be selected and operated in sequence
–Authentication: Preceding any memory operation the authentication procedure ensures that access to a block is only possible via the two keys specified for

each block
–Control & Arithmetic Logic Unit: Values are stored in a special redundant format and can be incremented and decremented
–EEPROM-Interface
–Crypto unit: The CRYPTO1 stream cipher of the MF1ICS50(Mifare Classic 1K S50) is used for authentication and encryption of data exchange.
–EEPROM: 1 Kbyte is organized in 16 sectors with 4 blocks each. A block contains 16 bytes. The last block of each sector is called “trailer”, which  contains two secret keys and programmable access conditions for each block in this sector.
Communication principle(Mifare Classic 1K S50)
The commands are initiated by the reader and controlled by the Digital Control Unit of the MF1ICS50(Mifare Classic 1K S50) according to the access conditions valid for the corresponding sector.

Request standard/ all(Mifare Classic 1K S50)
After Power On Reset (POR) of a card it can answer to a request command – sent by the reader to all cards in the antenna field – by sending the answer to request code (ATQA according to ISO/IEC 14443A).

Anticollision loop(Mifare Classic 1K S50)
In the anticollision loop the serial number of a card is read. If there are several cards in the operating range of the reader, they can be distinguished by their unique serial numbers and one can be selected (select card) for further transactions. The unselected cards return to the standby mode and wait for a new request command.

Select card(Mifare Classic 1K S50)
With the select card command the reader selects one individual card for authentication and memory related operations. The card returns the Answer To Select (ATS) code (= 08h), which determines the type of the selected card. Please refer to the document MIFARE‚ Standardized Card Type Identification Procedure for further details.

Three pass authentication(Mifare Classic 1K S50)
After selection of a card the reader specifies the memory location of the following memory access and uses the corresponding key for the three pass authentication procedure. After a successful authentication all memory operations are encrypted.

 Memory operations(Mifare Classic 1K S50):
After authentication any of the following operations may be performed:
-Read block.
-Write block.
-Decrement: Decrements the content of a block and stores the result in a temporary internal data-register.
-Increment: Increments the content of a block and stores the result in the data-register.
-Restore: Moves the content of a block into the data-register.
-Transfer: Writes the content of the temporary internal data-register to a value block.

Data integrity(Mifare Classic 1K S50):
Following mechanisms are implemented in the contactless communication link between reader and card to ensure very reliable data transmission:
-16 bits CRC per block.
-Parity bits for each byte.
-Bit count checking.
-Bit coding to distinguish between “1″, “0″, and no information.
-Channel monitoring (protocol sequence and bit stream analysis).

Three pass authentication sequence(Mifare Classic 1K S50):
1.The reader specifies the sector to be accessed and chooses key A or B.
2.The card reads the secret key and the access conditions from the sector trailer. Then the card sends a random number as the challenge to the reader (pass one).
3.The reader calculates the response using the secret key and additional input. The response, together with a random challenge from the reader, is then transmitted to the card (pass two).
4.The card verifies the response of the reader by comparing it with its own challenge and then it calculates the response to the challenge and transmits it (pass three).
5.The reader verifies the response of the card by comparing it to its own challenge.

After transmission of the first random challenge the communication between card and reader is encrypted.

RF interface(Mifare Classic 1K S50):
The RF-interface is according to the standard for contactless smart cards ISO/IEC14443A.

The carrier field from the reader is always present (with short pauses when transmitting), because it is used for the power supply of the card. For both directions of data communication there is only one start bit at the beginning of each frame. Each byte is transmitted with a parity bit (odd parity) at the end. The LSB of the byte with the lowest address of the selected block is transmitted first. The maximum frame length is 163 bits (16 data bytes + 2 CRC bytes = 16 * 9 + 2 * 9 + 1 start bit).

Memory organization(Mifare Classic 1K S50):
The 4 kByte EEPROM memory is organised in 32 sectors with 4 blocks and in 8 sectors with 16 blocks. One block consists of 16 bytes. In the erased state the EEPROM cells are read as a logical “0″, in thwritten state as a logical “1″.

Manufacturer block(Mifare Classic 1K S50):
This is the first data block (block 0) of the first sector (sector 0). It contains the IC manufacturer data. Due to security and system requirements this block is write rotected
after having been programmed by the IC manufacturer at production.

 Data blocks(Mifare Classic 1K S50):
Sectors 0..31 contain 3blocks and sectors 32..39 contain 15blocks for storing data. (Sector 0 contains only two data blocks and the read-only manufacturer block).
The data blocks can be configured by the access bits as:
read/write blocks for e.g. contactless access control or value blocks for e.g. electronic purse applications, where additional commands like increment and decrement for direct control of the stored value are provided.
An authentication command has to be carried out before any operation in order to allow
further commands.

Value Blocks(Mifare Classic 1K S50):
The value blocks allow to perform electronic purse functions (valid commands: read, write, increment, decrement, restore, transfer).The value blocks have a fixed data format which permits error detection and correction and a backup management. A value block can only be generated through a write operation in the value block format:
A value block can only be generated through a write operation in the value block format:
Value: Signifies a signed 4-byte value. The lowest significant byte of a value is stored in the lowest address byte. Negative values are stored in standard 2!as complement format. For reasons of data integrity and security, a value is stored three times, twice non-inverted and once inverted.
Adr: Signifies a 1-byte address, which can be used to save the storage address of a block, when implementing a powerful backup management. The address byte is stored four times, twice inverted and non-inverted. During increment, decrement, restore and transfer operations the address remains unchanged. It can only be altered via a write command.

Sector trailer(Mifare Classic 1K S50):
Each sector has a sector trailer. Due to the memory configuration of the MF1ICS70 this sector trailer is located in block 3 of each sector in the first two kByte of the NV-memory respectively in block 15 of each sector in the upper 2 kByte of the 4 kByte NV-memory.
Each sector trailer holds the secret keys A and B (optional), which return logical “0″ when read and the access conditions for the four blocks of that sector, which are stored in bytes 6…9. The access bits also specify the type (read/write or value) of the data blocks.
If key B is not needed, the last 6 bytes of the sector trailer can be used as data bytes.Byte 9 of the sector trailer is available for user data. For this byte the same access rights as for byte 6, 7 and 8 apply.
All keys are set to FFFFFFFFFFFFh at chip delivery.

Memory access(Mifare Classic 1K S50):
Before any memory operation can be carried out, the card has to be selected and authenticated as described previously.The possible memory operations for an addressed block depend on the key used and the access conditions stored in the associated sector trailer.

 Access conditions(Mifare Classic 1K S50):
The access conditions for every data block and sector trailer are defined by 3 bits, which are stored non-inverted and inverted in the sector trailer of the specified sector.
The access bits control the rights of memory access using the secret keys A and B. The access conditions may be altered, provided one knows the relevant key and the current access condition allows this operation.
Remark: With each memory access the internal logic verifies the format of the access conditions. If it detects a format violation the whole sector is irreversible blocked.
Remark: In the following description the access bits are mentioned in the non-inverted mode only.
The internal logic of the MF1ICS70 ensures that the commands are executed only after an authentication procedure or never.

 Access conditions for the sector trailer(Mifare Classic 1K S50):
Depending on the access bits for the sector trailer (block 3) the read/write access to the keys and the access bits is specified as ‘never’, “key A”, “key B” or key A|B’ (ke
keyB).
On chip delivery the access conditions for the sector trailers and key A are predefined as transport configuration. Since key B may be read in transport configuration, new cards
must be authenticated with key A. Since the access bits themselves can also be blocked, special care should be taken during personalization of cards.

Access conditions for data blocks(Mifare Classic 1K S50):
Depending on the access bits for data blocks (blocks 0…2) the read/write access is specified as ‘never’, ‘key A’, ‘key B’or ‘key A|B’ (key A or keyB). The setting of the relevant access bits defines the application and the corresponding applicable commands.
-Read/write block: The operations read and write are allowed.
-Value block: Allows the additional value operations increment, decrement, transfer and restore. In one case (’001′) only read and decrement are possible for non-rechargeable card. In the other case (’110′) recharging is possible by using key B.
-Manufacturer block: The read-only condition is not affected by the access bits setting!
-Key management: In transport configuration key A must be used for authentication.